We’re trying to secure our application and someone yesterday suggested
a good idea.
Say we have blogs that belog to users our models would be something
like
class User < ActiveRecord::Base
has_many :blogs
…
end
class Blog <ActiveRecord::Base
belongs_to :user
…
end
we already have an authentication system inplace and on top of that we
have been doing something like
@blog = Blog.find(:first, :conditions => [“user_id = ?”,
session[:user_id]]);
but someone suggested using something like
before_filter {|cntrlr| cntrlr.user = User.find(session[:user_id]) }
in the controller so that we could make a call like
@blog = @user.blogs.find(:first)
(Actually they suggested that we place it in the application.rb but
not all of our objects have users.)
However, if we place it in the blog controller, like:
class NotebooksController < ApplicationController
before_filter { |ctrl| crtl.user = User.find(session[:user_id]) }
…
end
we get the folowing error:
undefined method `owner=' for NotebooksController:Class
I’m still a little new to this so I don’t really understand what’s
going on here or how to make it work (assuming that I can and the
person who suggested this isn’t leading me up the path). I understand
that there isn’t an ‘owner=’ function defined for the controller, but
shouldn’t ther be one for the model, or am I completely lost?
Dale